fcfeee Ransomware – Community Resource Sheet (Last updated: 2024-06-XX) TECHNICAL BREAKDOWN File Extension & Renaming Patterns • Confirmation of File Extension: .fcfeee (lower-case, six letters, no space or dash). • Renaming Convention: originalname..id-.[attackeremail].fcfeee Example: Annual_Report.xlsx.id-A7F3B902.[[email protected]].fcfeee The ID is the MachineGuid hash trimmed to 8 hex characters; the e-mail varies by affiliate but is always inside…

⚠️ The “.fc” extension is re-used by several unrelated ransomware families. Because of this collision you MUST identify the exact strain before you start recovery work. Below are the three criminal groups that are currently (2023-2024) observed appending “.fc” together with the technical fingerprints you need to tell them apart. TECHNICAL BREAKDOWN 1. File Extension…

Community Resource for the ransomware that appends the extension .fbuvkngy Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension: .fbuvkngy (eight random-looking lowercase letters) Renaming convention: Original file invoice_Q3_2024.xlsx ➔ invoice_Q3_2024.xlsx.fbuvkngy Folder names remain untouched; only file contents are encrypted and the extra extension is appended. If the malware is executed more than once…

Ransomware Resource Sheet Variant tracked by encrypted-file extension: .fbsyw (Community labels: “Fbsyw locker”, sometimes bundled with the Chaos / Onyx builder) Technical Breakdown 1. File Extension & Renaming Patterns Confirmation of file extension: Every encrypted file receives the suffix .fbsyw (lower-case). Renaming convention: [original_name] + 4-to-6 random alphanumeric characters + .fbsyw Example: Quarterly.xlsx becomes Quarterly.xlsx_a9k4.fbsyw…

Ransomware Briefing: the .fbiras encryptor (Community-use summary – last updated 2024-06-XX) Technical Breakdown 1. File Extension & Renaming Patterns Confirmed extension appended: .fbiras (lower-case, no white-space) Renaming convention observed: original_name.original_ext.[victim_ID].fbiras Example: Invoice_May.xlsx → Invoice_May.xlsx.9B3C201E.fbiras – No e-mail, TOR or “LOCK” string is inserted (helps distinguish it from Phobos/Dharma look-alikes). 2. Detection & Outbreak Timeline First…

Ransomware Information Sheet Variant internally tracked by the extension “.fbi” TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmation of file extension: All encrypted files are suffixed with the lower-case string “.fbi”. Renaming convention: Original filename → <original name>.<original-extension>.fbi Example: Quarterly-Report.xlsx becomes Quarterly-Report.xlsx.fbi. The ransom note is dropped under two different names: “HOW_TO_RECOVER_FILES.hta” (launched by…

Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: The Faust ransomware appends “.faust” to every file it encryptes (e.g., Document.docx → Document.docx.faust). Renaming Convention: Files keep their original base-name and first extension, then the new second extension .faust is added. There is no randomised e-mail address, campaign ID, or victim UID…

Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .fatp Renaming Convention: – Original filename is preserved, then the extension .fatp is simply appended (e.g., Budget2023.xlsx → Budget2023.xlsx.fatp). – No fixed e-mail address, victim-ID, or random hex string is inserted, so spotting the compromise in a folder listing is easy, but it…

Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: “.fate” Renaming Convention: Files are renamed in the pattern [original_name].[original_extension].fate Example: Project_Q3.xlsx → Project_Q3.xlsx.fate Warning: Additional ID strings or e-mails (e.g., .{ID=D9C3F1}.[[email protected]].fate) are sometimes appended by affiliate distributors, but the final, immutable token is always .fate. 2. Detection & Outbreak Timeline First public…

CYBERSECURITY FLASH REPORT Ransomware Identifier: .fat32 (alias “FAT32 ransomware”) TECHNICAL BREAKDOWN 1. File Extension & Renaming Patterns Confirmed extension appended: .fat32 (lower-case, preceded by a dot). Renaming convention: Original file: Quarterly-Q2.xlsx After encryption: Quarterly-Q2.xlsx.fat32 No e-mail address, random bytes, or campaign-ID are inserted in the name—only the extra extension is added. This makes quick visual…